Paul Johnston independently came up with a [[http://​pajhome.org.uk/​crypt/​md5/​advancedauth.html#​alternative|challenge/​response algorithm]] that also falls in this category. ​ The algorithm is also [[http://​unitstep.net/​blog/​2008/​03/​29/​a-challenge-response-ajax-php-login-system/​|described in other words here]].

As it turns out, the "​read-only"​ algorithm described above is exactly the same as the main algorithm behind [[http://​tools.ietf.org/​html/​rfc5802#​section-3|RFC 5802 (SCRAM)]] published in 2010 and building upon [[http://​tools.ietf.org/​html/​draft-newman-auth-scram-00|drafts dating back to 1997]]. I [[http://​groups.google.com/​group/​sci.crypt/​browse_thread/​thread/​7a1e061ec58a29b0/​514b550613dae50d|posted this algorithm to sci.crypt in 1999]] being unaware of the RFC drafts, and no one pointed me at them until Simon Josefsson did in 2012. This appears to be independent discovery.

As it turns out, the "​read-only"​ algorithm described above is exactly the same as the main algorithm behind [[http://​tools.ietf.org/​html/​rfc5802#​section-3|RFC 5802 (SCRAM)]] published in 2010 and building upon [[http://​tools.ietf.org/​html/​draft-newman-auth-scram-00|drafts dating back to 1997]]. I [[http://​groups.google.com/​group/​sci.crypt/​browse_thread/​thread/​7a1e061ec58a29b0/​514b550613dae50d|posted this algorithm to sci.crypt in 1999]] being unaware of the RFC drafts, and no one pointed me at them until Simon Josefsson did in 2012. This appears to be independent discovery.

+

+

Paul Johnston independently came up with a [[http://​pajhome.org.uk/​crypt/​md5/​advancedauth.html#​alternative|challenge/​response algorithm]] that also falls in this category.